Pulse/docs
rcourtman 313648b2f1 feat(mcp): add additive fleet-context filtering
get_fleet_context returned the whole registry with no way to narrow it,
so a large fleet produced a payload that exceeded the agent harness's
50KB cap and forced agents to receive or page through healthy resources
that are pure noise from a triage standpoint.

Add optional additive query-param filters — hasFindings, severity,
technology, resourceType — that compose by intersection. All optional
(omitting every filter returns the full fleet, backward compatible);
unknown/unmatched values return 200 with resources: [] (a valid triage
answer, not an error). The hasFindings=true filter is the headline
triage case: show me only what needs attention.

The MCP adapter layer had no GET query-param transport — ProjectCapabilityCall
short-circuited GET after path substitution and dropped all other args.
Close that gap generically: ProjectedCall gains a Query url.Values field
populated from leftover non-path public args for GET/DELETE, and
BuildCapabilityHTTPRequest encodes it onto the request URL. Benefits any
future GET capability with filter args, not just fleet-context. The
resources/list adapter calls fleet-context with empty args and continues
to receive the unfiltered fleet.

The manifest now declares the filters via inputSchema so they are
discoverable through the capability surface the same way add_node's
params are.

- ProjectedCall.Query + GET query-param forwarding (projection.go, http.go)
- fleetContextFilter parsing/matching in HandleFleetContext
- fleetContextInputSchema + InputSchema on the capability
- Regenerated cmd/pulse-mcp/README.md via generate-pulse-intelligence-docs
- Contract updates: api-contracts, ai-runtime, agent-lifecycle, storage-recovery
- Tests: adapter query-forwarding unit tests, 7 filter handler tests
  (hasFindings/severity/technology/resourceType/no-filter/unknown/compose),
  contract pinning inputSchema + end-to-end query forwarding
2026-07-03 18:01:05 +01:00
..
api
architecture backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
i18n Add localized public docs entry points 2026-06-13 08:07:46 +01:00
images
monitoring Fix security scan findings 2026-07-01 09:55:35 +01:00
operations Rename retired trial acquisition proof assets 2026-04-28 18:38:10 +01:00
release-control feat(mcp): add additive fleet-context filtering 2026-07-03 18:01:05 +01:00
releases Record v6 GA owner approval 2026-07-02 21:33:37 +01:00
security Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
AGENT_SECURITY.md Surface v5 agent migration security guidance 2026-06-03 09:18:07 +01:00
AGENT_SUBSTRATE.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
AI.md Harden GA telemetry disclosure 2026-07-02 11:50:03 +01:00
AI_AUTONOMY.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
API.md Accept ping alias for availability targets 2026-06-29 22:43:13 +01:00
AUDIT_LOGGING.md Label legacy Pro Plus in customer docs 2026-04-26 22:01:24 +01:00
AUTO_UPDATE.md Route operator updates through the local signed helper 2026-04-22 16:18:16 +01:00
CANONICAL_ALERT_ENGINE_MIGRATION_2026-03-10.md
CENTRALIZED_MANAGEMENT.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
CLOUD.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
CONFIGURATION.md Harden GA telemetry disclosure 2026-07-02 11:50:03 +01:00
DEPLOYMENT_MODELS.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
DOCKER.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
FAQ.md Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
INSTALL.md Fix manual systemd install snippet binary path 2026-05-12 10:51:03 +01:00
KUBERNETES.md Fix helm chart agent.enabled by routing through main pulse image 2026-05-12 16:11:56 +01:00
MAIL_GATEWAY.md
METRICS_HISTORY.md Reduce metrics rollup write amplification 2026-05-03 21:43:20 +01:00
MIGRATION.md Label legacy Pro Plus in customer docs 2026-04-26 22:01:24 +01:00
MIGRATION_UNIFIED_NAV.md Finalize v6 GA release packet 2026-06-03 17:15:00 +01:00
MSP.md Document connecting client Proxmox/PBS over the provider VPN in MSP.md 2026-06-10 14:35:14 +01:00
MULTI_TENANT.md Harden MSP tenant isolation: scope org-bound tokens away from default org, propagate webhook allowlist to all tenants 2026-06-10 11:37:39 +01:00
OIDC.md Fix four customer-facing doc drift findings (RBAC, OIDC, helm, webhooks) 2026-05-12 15:54:24 +01:00
PBS.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
PRIVACY.md Harden GA telemetry disclosure 2026-07-02 11:50:03 +01:00
PROXY_AUTH.md Fix security scan findings 2026-07-01 09:55:35 +01:00
PULSE_PRO.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
RBAC.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
README.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
RECOVERY.md Simplify recovery presentation and type contracts 2026-05-14 21:08:54 +01:00
RELAY.md Wire PULSE_RELAY_ENABLED and PULSE_RELAY_SERVER as real env overrides 2026-05-12 11:18:31 +01:00
RELEASE_NOTES.md Prepare v6.0.0-rc.7 release candidate 2026-06-27 09:06:02 +01:00
REPO_BOUNDARY.md
REVERSE_PROXY.md
SCREENSHOTS.md Align Relay copy with standalone tier 2026-04-30 11:01:22 +01:00
SECURITY.md
STORAGE_ARCHITECTURE.md
TEMPERATURE_MONITORING.md Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
TROUBLESHOOTING.md Prefer PVE 9 guest-agent privileges in setup 2026-07-03 11:15:51 +01:00
TRUENAS.md Add native TrueNAS VM inventory to overview 2026-05-20 22:32:46 +01:00
UNIFIED_AGENT.md Improve Patrol SMART disk evidence 2026-06-29 18:17:24 +01:00
UNIFIED_RESOURCES.md
UPGRADE_v5.md Prepare v6.0.0 release candidate 2026-06-04 14:07:14 +01:00
UPGRADE_v6.md Prepare v6.0.0-rc.7 release candidate 2026-06-27 09:06:02 +01:00
VM_DISK_MONITORING.md
WEBHOOKS.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
ZFS_MONITORING.md

📚 Pulse Documentation

Welcome to the Pulse documentation portal. Here you'll find everything you need to install, configure, and master Pulse.


v6 Execution Canonical Source

For Pulse v6 build/release execution work, do not start from this broad docs index. Use:

  1. docs/release-control/v6/internal/SOURCE_OF_TRUTH.md for stable human governance and locked decisions
  2. docs/release-control/v6/internal/status.json for live lane state, lane-to-subsystem ownership, structured evidence references, typed lane/subsystem decision records, and canonical ordered lists
  3. docs/release-control/v6/status.schema.json for the machine-readable status contract
  4. docs/release-control/v6/internal/subsystems/registry.json and docs/release-control/v6/internal/subsystems/registry.schema.json for subsystem ownership, explicit shared-ownership exceptions, and proof-routing rules
  5. python3 scripts/release_control/status_audit.py --check if you need a machine-derived evidence health audit
  6. python3 scripts/release_control/registry_audit.py --check if you need a machine-derived subsystem registry audit
  7. python3 scripts/release_control/contract_audit.py --check if you need a machine-derived subsystem contract audit, including explicit cross-subsystem dependency checks and exact registry-derived shared-boundary wording Local pre-commit runs the v6 machine audits against staged control-file content so partial staging cannot hide governance drift. Local pre-commit also blocks partial staging for hook-sensitive governance files under docs/release-control/v6/, scripts/release_control/, internal/repoctl/, .husky/pre-commit, and .github/workflows/canonical-governance.yml, because those checks still execute or structurally read the working-tree versions locally.
  8. python3 scripts/release_control/subsystem_lookup.py <path> [<path> ...] --pretty --lean if you need subsystem ownership, proof routing, exact contract-focus lines, and compact lane context for a change

For governed runtime changes, a staged subsystem contract only counts if its diff updates a substantive contract section such as Purpose, Canonical Files, Shared Boundaries, Extension Points, Forbidden Paths, Completion Obligations, or Current State, rather than metadata alone.

All other documents are supporting references unless explicitly required for evidence.


🚀 Getting Started

  • Localized getting started: DeutschEspañol. These first-wave pages cover the public install path and preserve commands, config keys, image names, activation keys, and product identifiers exactly.
  • Installation Guide Step-by-step guides for Docker, Kubernetes, and bare metal.
  • Configuration
    Learn how to configure authentication, notifications (Email, Discord, etc.), and system settings.
  • Deployment Models
    Where config lives, how updates work, and what differs per deployment.
  • Migration Guide
    Moving to a new server? Here's how to export and import your data safely.
  • Upgrade to v6
    Practical upgrade guidance and post-upgrade checks for Pulse v6.
  • FAQ Common questions and quick answers.

🛠️ Deployment & Operations

🔐 Security

  • Security Policy The core security model (Encryption, Auth, API Scopes).
  • Privacy What leaves your network (and what doesnt).
  • OIDC / SSO OIDC Single Sign-On configuration (Authentik, Keycloak, Azure AD, etc.).
  • Proxy Auth Authentik/Authelia/Cloudflare proxy authentication configuration.
  • Agent Security Agent privilege model, Proxmox API-only choices, and self-update verification.

📖 Advanced Topics (Relay / Pro / legacy Pro+ / Cloud)

  • AI Modes & Safety Configure Patrol mode, assistant control levels, investigation tuning, and safety guardrails.
  • Role-Based Access Control (RBAC) Define custom roles, assign permissions, and integrate with OIDC group mapping.
  • Audit Logging Tamper-evident event logging for compliance, with query, export, and signature verification.

New in 6.0

💳 Plans (Community / Relay / Pro / Cloud)

Pulse is available in three self-hosted tiers plus hosted Cloud:

  • Community: Free self-hosted monitoring with core monitoring included and 7-day history.

  • Relay: Adds secure remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push notifications, and 14-day history.

  • Pro: Adds hands-on Patrol modes, issue investigation, governed fixes, verified outcomes, operations tooling, governance features, and 90-day history.

  • Cloud: Hosted Pulse with Pro-level capabilities; hosted pricing is unchanged by the self-hosted model lock.

  • Learn more at pulserelay.pro

  • Plans and entitlements (includes the Community/Relay/Pro/Cloud matrix)

  • AI deep dive

  • Multi-Tenant Organizations (Enterprise) — Isolate infrastructure by organization for MSPs and multi-datacenter deployments.

📡 Monitoring & Agents

💻 Development

📁 Previous Versions


Found a bug or have a suggestion?

GitHub Issues